Android Tapsnake Mobile Scareware: Ads Push Antivirus

Recently we have observed a series of mobile ads intended to scare users into believing that their device is infected with a threat called “Trojan: MobileOS/Tapsnake”.

Figure 1. Fake Tapsnake infection warnings

The malware alert is fake. Tapsnake is an older Android threat (we blogged about it in 2010 and detect it as Android.Tapsnake) that just happens to be mentioned in these ads to make them appear more authentic. We visited a site serving these ads using a brand new Android device with a fresh install and nothing on it and still received this alert. Users of Apple's iPhone have also reported seeing Tapsnake alerts, despite the fact that the threat doesn’t target iOS devices.

Figure 2. Scareware tactics target Android users

This type of warning is commonly associated with scareware, which originated on PCs. When users visit scareware websites, they are shown a warning that claims their computer or device is infected with malware. These scareware sites may then offer free downloads of fake antivirus software.

This is all a trick designed to convince the user to download an application.

Figure 3. Android Antivirus app offer

Symantec Security Response advises users not to install applications outside of trusted app stores. Instead, users should only trust well-known and reputable security software, such as Norton Mobile Security available on the Google Play app store. For general safety tips for smartphones and tablets, visit the Symantec Mobile Security website.